HIPAAList

Completing the Security Risk Assessment

The SRA page turns the HHS/OCR SRA workbook into a guided questionnaire that becomes easier to complete as HIPAAList records improve.

Follow-through7 min read
HIPAAList
Workspace Organization
hipaalist

Security Risk Assessment

Built from the HHS/OCR Security Risk Assessment Tool. HIPAAList helps organize answers, related work, and risk follow-up.

Draft

Autosaved May 27, 2026, 3:54 PM

Questions Answered

2 / 126

2% answered

Current Risks

1

Open follow-up

Resolved Risks

1

Risk history

Questions

All 126Needs Answer 124Has Suggestion 8Answered 2
1

Has your practice completed a security risk assessment (SRA) before?

Related:Area: EHR AccessAction: User accounts
Answered?
No.

Suggested Suggested because no saved SRA version exists yet.

2

Do you review and update your SRA?

Related:Area: EHR AccessAction: User accounts
Answered?
Yes.

Suggested Suggested because SRA review is part of this HIPAAList workflow.

3

Do you include all information systems containing, processing, and/or transmitting ePHI in your SRA?

Related:Area: EHR AccessAction: User accounts
Needs Answer?
Choose an answer
The SRA keeps workbook-style questions familiar while linking users back to the records that can improve answers.

1. Answer workbook questions without starting from scratch

The SRA page follows the workbook section structure and answer options, then stores one autosaved draft for the organization.

Once every question is answered, the organization can save an SRA version. Later changes update the draft until the next completed version is saved, so the assessment can keep improving over time.

3. Use the Risks table for SRA follow-up

The Risks table collects Action-scoped risks in one place. Open risks stay surfaced until they are resolved, while resolved risks remain available for assessment history.

Clicking a risk opens the related Action and can take the user directly to the risk detail.